Lucene search
K
RedhatcveMost viewed

206363 matches found

RedhatCVE
RedhatCVE
added 2020/06/29 9:20 a.m.60 views

CVE-2020-1066

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by...

4.6CVSS5.4AI score0.02309EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/06/25 12:54 p.m.60 views

CVE-2020-2934

A flaw was found in the mysql-connector-java package. A complicated attack against the mysql Connector/J allows attackers on the local network to interfere with a user's connection and insert unauthorized SQL commands...

5.1CVSS5.5AI score0.032EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2020/01/07 9:41 a.m.60 views

CVE-2019-6974

A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvmioctlcreatedevice, the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If suc...

8.1CVSS1.8AI score0.16523EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2019/10/26 12:27 p.m.60 views

CVE-2019-9023

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

9.8CVSS2.7AI score0.09317EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2019/10/10 5:40 p.m.60 views

CVE-2019-0192

A flaw was found in the Apache Solr's Config API, where it would permit the configuration of the JMX server via an HTTP POST request. An attacker could use this flaw to direct traffic to a malicious RMI server, and then trigger remote code execution or conduct further attacks. Mitigation Upgrade ...

9.8CVSS0.6AI score0.77508EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2019/10/10 10:12 a.m.60 views

CVE-2017-5645

It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the...

9.8CVSS4.2AI score0.8904EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2019/05/28 5:50 p.m.60 views

CVE-2018-15664

A flaw was discovered in the API endpoint behind the 'docker cp' command. The endpoint is vulnerable to a Time Of Check to Time Of Use TOCTOU vulnerability in the way it handles symbolic links inside a container. An attacker who has compromised an existing container can cause arbitrary files on t...

7.5CVSS1.2AI score0.03398EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2019/04/26 7:50 a.m.60 views

CVE-2019-11331

Network Time Protocol NTP, as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks. Mitigation On Red Hat Enterprise Linux 6 and later, switching from ntp to chrony is recommended. Amo...

8.1CVSS0.6AI score0.02637EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2018/06/15 6:20 p.m.60 views

CVE-2018-12437

LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...

5.5CVSS2.4AI score0.00887EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2017/12/18 8:49 a.m.60 views

CVE-2017-17712

A flaw was found in the Linux kernel's implementation of rawsendmsg allowing a local attacker to panic the kernel or possibly leak kernel addresses. A local attacker, with the privilege of creating raw sockets, can abuse a possible race condition when setting the socket option to allow the kernel...

7.8CVSS2.9AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2016/10/18 8:18 p.m.60 views

CVE-2016-5597

A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication...

5.9CVSS0.9AI score0.03937EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/10 12:34 a.m.59 views

CVE-2025-56630

FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the columnmodel parameter in the app/admin/controller/Column.php file...

7.3CVSS8.1AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:48 p.m.59 views

CVE-2022-36970

This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

7.8CVSS6.8AI score0.00647EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2024/09/26 8:9 p.m.59 views

CVE-2024-47176

A security issue was found in OpenPrinting CUPS. The function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description PPD file based on attributes retrieved from an Internet Printing Protocol IPP response. Essentially, it takes printer information...

7.5CVSS8.2AI score0.50174EPSS
Exploits14References5
RedhatCVE
RedhatCVE
added 2024/02/16 6:20 p.m.59 views

CVE-2024-21892

A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAPNETBINDSERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this...

8.1CVSS5.9AI score0.00562EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/02/07 7:29 a.m.59 views

CVE-2024-1300

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading...

5.4CVSS5.7AI score0.01055EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/10/05 4:54 p.m.59 views

CVE-2023-3171

A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result i...

7.5CVSS6.8AI score0.00851EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/09/28 7:24 a.m.59 views

CVE-2023-20555

A flaw was found in hw. Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer, potentially leading to arbitrary code execution in SMM. Mitigation Please contact AMD for further informatio...

8.2CVSS7.8AI score0.00299EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/09/22 8:24 p.m.59 views

CVE-2023-36479

A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested...

3.5CVSS5AI score0.01006EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2023/09/13 9:49 a.m.59 views

CVE-2023-36793

A vulnerability was found in dotnet. This issue can lead to an out-of-bounds write when loading PDB type records in msdia140.dll used by Visual Studio. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria...

7.8CVSS7.5AI score0.01441EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/08/09 7:48 a.m.59 views

CVE-2023-34319

A buffer overrun vulnerability was found in the netback driver in Xen due to an unusual split packet. This flaw allows an unprivileged guest to cause a denial of service DoS of the host by sending network packets to the backend, causing the backend to crash...

5.5CVSS6.7AI score0.00296EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/08/07 7:48 a.m.59 views

CVE-2023-4155

A flaw was found in KVM AMD Secure Encrypted Virtualization SEV in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple time...

5.3CVSS6.8AI score0.00159EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/07/10 6:17 p.m.59 views

CVE-2023-31248

A use-after-free flaw was found in the Linux kernel's Netfilter module in net/netfilter/nftablesapi.c in nftchainlookupbyid. This flaw allows a local attacker to cause a local privilege escalation issue due to a missing cleanup. Mitigation To mitigate this issue, it is possible to prevent the...

7.8CVSS7.5AI score0.02033EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2023/06/14 5:48 a.m.59 views

CVE-2023-24895

A flaw was found in dotnet. This issue can allow remote code execution when WPF is handling XAML Frame elements...

7.8CVSS8.1AI score0.01058EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/03/14 5:13 a.m.59 views

CVE-2022-25967

A flaw was found in the ETA npm package. Affected versions of this package are vulnerable to remote code execution RCE by overwriting template engine configuration variables with view options received from The Express render API...

8.8CVSS6.6AI score0.01995EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2023/02/27 2:59 p.m.59 views

CVE-2022-20566

A use-after-free flaw was found in the Linux kernel's Bluetooth functionality. A user could trigger a race condition while closing the connection. This issue may allow a local user to crash or potentially escalate their privileges on the system. Mitigation The only way to mitigate these...

7.8CVSS0.9AI score0.00165EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2023/02/14 5:57 p.m.59 views

CVE-2023-25725

A flaw was found in HAProxy's headers processing that causes HAProxy to drop important headers fields such as Connection, Content-length, Transfer-Encoding, and Host after having partially processed them. A maliciously crafted HTTP request could be used in an HTTP request smuggling attack to bypa...

8.2CVSS8.6AI score0.05493EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/01/24 4:36 a.m.59 views

CVE-2022-39193

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with suppression...

3.5CVSS5.4AI score0.00601EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/11/23 7:26 p.m.59 views

CVE-2022-42895

An information leak vulnerability was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capparseconfreq function. An attacker with physical access within the range of standard Bluetooth transmission could use thi...

6.5CVSS4.9AI score0.00395EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/10/14 7:28 p.m.59 views

CVE-2022-3517

A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service ReDoS when calling the braceExpand function with specific arguments, resulting in a Denial of Service...

7.5CVSS4.3AI score0.01674EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/09/30 5:18 p.m.59 views

CVE-2022-39956

A flaw was found in the OWASP ModSecurity Core Rule Set. A payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields allows HTTP multipart requests to bypass detection...

7.3CVSS1.2AI score0.00952EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/09/26 9:49 a.m.59 views

CVE-2022-41317

A flaw was found in squid. A trusted client can directly access the cache manager information, bypassing the manager ACL protection and resulting in information disclosure. Mitigation Adding the following line to the squid.conf file is a workaround: acl manager urlregex +i...

6.5CVSS6.6AI score0.0169EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/08/30 6:40 p.m.59 views

CVE-2022-38149

A vulnerability was found in the HashiCorp Consul Template. This issue may reveal the contents of a Vault secret when used with an invalid template...

7.5CVSS0.7AI score0.00718EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/05/18 10:42 p.m.59 views

CVE-2022-1473

A memory leak flaw was found in OpenSSL, resulting in TLS servers and clients being halted by out-of-memory conditions, leading to a denial of service. An attacker needs to repeat actions continuously to trigger this vulnerability, resulting in a loss of application availability. Mitigation Red H...

7.5CVSS1.6AI score0.02386EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/05/11 7:8 p.m.59 views

CVE-2022-1622

An out-of-bounds read vulnerability was found in Libtiff's LZWDecode function in libtiff/tiflzw.c. This flaw allows an attacker to perform a denial-of-service attack via a crafted tiff file, leading to the application crashing...

5.5CVSS4.5AI score0.01684EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/05/07 1:58 p.m.59 views

CVE-2022-0235

A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized...

8.8CVSS3.4AI score0.01646EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/04/13 9:22 a.m.59 views

CVE-2022-29041

A flaw was found in the Jenkins Jira plugin. The Jenkins Jira plugin does not escape the name and description of a Jira Issue and Jira Release Version parameters on views displaying parameters. This issue results in a stored Cross-site scripting XSS vulnerability exploitable by attackers with...

6.4CVSS2.6AI score0.00825EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/04/11 5:32 a.m.59 views

CVE-2022-22629

A buffer overflow vulnerability was found in WebKitGTK and WPE WebKit. This flaw allows a remote attacker to process maliciously crafted web content, leading to arbitrary code execution...

8.8CVSS5.2AI score0.03668EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/04/04 4:26 p.m.59 views

CVE-2022-27943

A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangleconst function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a...

5.5CVSS5.6AI score0.00892EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/03/23 9:3 p.m.59 views

CVE-2022-24772

A flaw was found in the node-forge package. This signature verification leniency allows an attacker to forge a signature...

7.5CVSS3.7AI score0.01015EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/03/21 4:34 p.m.59 views

CVE-2022-23710

A flaw was found in Kibana’s data preview pane. This issue allows a Cross-Site scripting attack...

6.1CVSS3.5AI score0.00759EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/02/25 3:18 p.m.59 views

CVE-2022-26126

frrouting is vulnerable to a flaw that can cause stack overflow due to processing binary data as simple string data. Since c string data is not being processed when processing packets , correct binary aware functions should be used. There is high impact to availability due to the fact that the...

7.8CVSS4.1AI score0.01068EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/02/22 11:31 a.m.59 views

CVE-2022-23308

A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XMLPARSEDTDVALID option and without the XMLPARSENOENT option, resulting in a use-after-free issue...

8.1CVSS8AI score0.0601EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2022/02/17 3:48 p.m.59 views

CVE-2022-25308

A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service...

7.8CVSS4.3AI score0.00508EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/02/11 11:49 a.m.59 views

CVE-2022-21713

An Insecure Direct Object Reference IDOR vulnerability was found on Grafana Teams APIs. This flaw impacts the /teams/:teamId, /teams/:search, /teams/:teamId/members API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for tea...

4.3CVSS0.7AI score0.01185EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2022/01/31 3:6 p.m.59 views

CVE-2021-44141

A vulnerability was found in Samba due to an insecure link following. By querying a symlink inside the exported share using SMB1 with unix extensions turned on, an attacker can discover if a named or directory exists on the filesystem outside the exported share. This flaw allows a remote...

6.5CVSS5.5AI score0.01097EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2022/01/13 6:46 a.m.59 views

CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

8.8CVSS2AI score0.37951EPSS
Exploits7References3
RedhatCVE
RedhatCVE
added 2022/01/12 11:23 p.m.59 views

CVE-2022-22748

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have confused Thunderbird into showing the wrong origin when asking to launch a program and handling an external URL protocol...

6.5CVSS1.6AI score0.00737EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2022/01/12 11:23 p.m.59 views

CVE-2022-22751

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these...

8.8CVSS2.1AI score0.0087EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2021/12/23 9:11 p.m.59 views

CVE-2021-4158

A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. Mitigation Mitigation for this issue is either not available or the currently...

6CVSS1.6AI score0.00375EPSS
Exploits1References4
Total number of security vulnerabilities5000